- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ISP Subnet available on VLAN without NAT
Hi i need some help.
I got a customer where we are migrating there current VOIP platform to a new one.
For the new VOIP devices we ordered a IPVPN (Private ISP subnet)
Were trying to handout that subnet from the ISP 192.168.110.2/255.255.255.0 to our VLAN 110 devices.
But i cant get it to work.
Any one got any idea how to implement this?
Help would be great!
- Labels:
-
FortiGate
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Created on 07-06-2022 11:57 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @Mvthul ,
Thank you for posting on Fortinet Community Forum. As per your configuration, this will not work as you are trying to the same subnet for the trunk interface(internal 3) and the sub-interface(VLAN 110).
You would have to change the IP subnet on the trunk instead.
Thanks,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So it’s not possible to make the IP subnet coming in on internal 3 to VLAN 110 ? Even with overlapping subnets on? We need to get those devices in VLAN 110 in the 192.168.110.0/24 subnet some how. I know draytek calls it the IP routed subnet feature. But can Fortigate do this also somehow?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It's possible but has to be a separate subnet. I'm not sure how IPVPN works but I would assume they use a separate subnet from the main interface one. Are your sure about this?
Toshi
Created on 07-06-2022 12:30 PM Edited on 07-06-2022 12:31 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Interface3 is 192.168.110.2/255.255.255.255
But we got the whole subnet available 192.168.110.0/255.255.255.0 for our devices(from KPN RoutIT). It’s a private connection for our voip devices within the network of KPN. But they need to be in the same subnet without NAT for best experience.
Created on 07-06-2022 12:35 PM Edited on 07-06-2022 12:36 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The whole subnet the /24 is bound to the non-tagged interface. Each VLAN (tagged-interface) on the same physical interface are just different interfaces, which need to have a different subnet each.
Generally the same thing happens on the ISP's device side. So when they provide another interface with a different VLAN tag, they have to assign a different subnet.
Toshi
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
look at this as example!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I don't think you can do the same with an FGT. Or replace the DrayTek device with an FGT.
Toshi
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for ur reply! Ill think of a other solution.